This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
"Do not Access Superglobal $_POST Array Directly.

Use some filtering functions instead (e.g. filter_input(), conditions with is_*() functions, etc.)"

This hint also appears if $_POST is being assigned:

    $_POST = $postData;

In my concrete case this is used to prepare the environment for a PHPUnit test case. I believe the hint is not appropriate in this situation.
(In reply to AndreasBuck from comment #0)
> "Do not Access Superglobal $_POST Array Directly.
>
> Use some filtering functions instead (e.g. filter_input(), conditions with
> is_*() functions, etc.)"
>
> This hint also appears if $_POST is being assigned:
> $_POST = $postData;
>
> In my concrete case this is used to prepare the environment for a PHPUnit
> test case. I believe the hint is not appropriate in this situation.

You have to use filter functions like:
- filter_input_array
- htmlentities
- mysql_real_escape_string

I'm annoyed that the warning is still showing up when using: isset(), is_null(), empty() since I'm sticking to the comment.
My concern is that assigning the variable should not give a warning about accessing it, which in this case I don't. Or did I get the concept wrong?

To me it seems reasonable to get the warning if I do something like this:

    $useInput = $_POST['input'];

As it clearly is dangerous to just do that without performing any checking as proposed by the hint. I also feel that it is correct that isset(), is_null() or empty() aren't considered as a solution in this case, as this only checks that there is a value but not what it is. As in, whether it is dangerous to be used.

It seems unnecessary though to apply the same hint to this case:

    $_POST = $dummyArrayValue; // for unit testing

As I just found out, the hint is actually not shown if I would instead do this:

    $_POST['value'] = $dummyValue; // for unit testing

Which appears like an inconsistency and makes me believe even more that the initial intention was not to show the hint on assignment.
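
An added example, not part of the original thread and not NetBeans code: filter_input() reads the request data as PHP received it rather than the current contents of $_POST, so values assigned to $_POST in a test are not seen by it. One way to keep the filtering the hint asks for and still test it is to validate an injected array with filter_var_array(); the function name readSignupInput, the field names and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: validates a POST-like array against a fixed schema.
 * The caller passes the array in, so tests can supply constructed data
 * without assigning to the $_POST superglobal.
 */
function readSignupInput(array $post): array
{
    $spec = [
        'email' => FILTER_VALIDATE_EMAIL,
        'age'   => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 13, 'max_range' => 120],
        ],
    ];

    // Third argument true: keys missing from $post are returned as null.
    // Keys that are not in $spec are dropped from the result.
    $clean = filter_var_array($post, $spec, true);

    $errors = [];
    foreach ($clean as $field => $value) {
        if ($value === null) {
            $errors[$field] = 'missing';   // key absent from the input
        } elseif ($value === false) {
            $errors[$field] = 'invalid';   // present but failed its filter
        }
    }

    return ['values' => $clean, 'errors' => $errors];
}

// Production call site (assumed): the single place the superglobal is read.
// $result = readSignupInput($_POST);

// Constructed test data: an out-of-range age and an unexpected extra key.
$result = readSignupInput([
    'email' => 'user@example.test',
    'age'   => '7',
    'role'  => 'admin',
]);

var_dump($result);
```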